Senior Application Security Specialist

As a Senior Application Security Specialist, you will focus on securing our applications through development lifecycle controls and penetration testing to assess the effectiveness of security measures.

Full-time

Closes 11/02/2026

The Information Security department is responsible for the security and risk management of closed source, open source and proprietary applications throughout development and implementation.

Utilising your knowledge of secure development lifecycles and code assessment, you will work with the software development teams to understand and mitigate application-based vulnerabilities.

This role is based within the wider Information Security department, with engineers and analysts of varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify, mitigate threats, and safeguard the Business.

We leverage AI to enhance our existing security processes and practices, embracing the advantages it brings. You will play a key role in our journey to leverage this powerful technology in strengthening our application security.

This role is eligible for inclusion in the Company’s hybrid working from home policy.

• Exceptional understanding and practical experience with manual security testing to find vulnerabilities and logical issues, in either web applications or infrastructure.
• Strong understanding of and demonstrable experience with automated, dynamic, and static application security testing tools.
• Knowledge and understanding of Open Web Application Security Project (OWASP) and its utilisation within threat modelling.
• Experience of software development and languages.
• Working knowledge of CI/CD pipelines and associated security tooling.
• Demonstrative experience in using structured methodologies for conducting and reporting on web application penetration testing.
• Strong written and verbal communication skills.

• Leading the project process to ensure that information security aspects are considered prior to and throughout the project lifecycle.
• Contributing and continuously improving our penetration testing and red teaming methodologies.
• Performing dynamic and static security testing of our applications and infrastructure.
• Performing security code reviews and providing help with remediation.
• Partnering with software development teams to ensure security is accounted for throughout the development lifecycle.
• Contributing continuously improving the Company’s supply chain assurance processes to identify flaws and vulnerabilities.
• Performing advanced risk assessments, threat modelling, and design reviews to ensure effective security controls are in place.
• Identifying opportunities for converting manual tasks into automated processes and identify tooling to support such automation.
• Providing support to technical leads and mentoring junior members of the team.

• Eye care and Flu Vaccinations
• Life Assurance

We are a unique global operator with passion and drive to be the best in the industry. Our values form the foundation of culture and shape the unique way that we work. People are our superpower and we support you to be the best you can be.